ACL trouble - Testing connection to SMTP Server

I am trying to test connection to my SMTP server and check my incoming ACLs but I am having trouble. My incoming on the public interface ACL is as follows:

ip access-list extended filterin
 deny ip 192.168.0.0 0.0.255.255 any log-input
 deny ip 10.0.0.0 0.255.255.255 any log-input
 deny ip 172.16.0.0 0.15.255.255 any log-input
 deny ip 127.0.0.0 0.255.255.255 any log-input
 deny ip 224.0.0.0 15.255.255.255 any log-input
 deny ip host 0.0.0.0 any log-input
 deny icmp any any echo log-input
 deny tcp any any eq 23 log-input
 permit icmp any any packet-too-big
 permit icmp any any echo-reply
 permit tcp any host PUBLIC-IP eq 25 log-input
 evaluate packets
 deny ip any any log-input

and I have a static NAT for the PUBLIC IP

ip nat inside source static PRIVATE-IP-OF-EXCHANGE-SERVER PUBLIC-IP

When I telnet in, I see hits on the ACL denying telnet (X matches) etc. However, when I telnet in:

telnet PUBLIC-IP 25

To test connectivity to my SMTP server, no matches hit the ACL. Does anyone see anything wrong? There are no other hits on ACLs (except for pings when I ping in or out and the implicit deny).

And when I do a show ip nat translations, it shows the static but with no Protocol, or Outside IPs. Would those show up?

Thanks.

Reply to
K.J. 44

If an ISP is doing port 25 blocking, when I try to test getting through my firewall to my mail server by telnetting on port 25, will that get blocked too?

I have rules to allow SMTP traffic through and was trying to test them with this method and I saw nothing on my ACL firewall hits. I have been very confused by this for several days. Then I tried to telnet into port 25 on a company that I used to work for where this worked (using a different ISP for connection) and it timed out.

Thanks.

Reply to
K.J. 44

Depends on the ISP. Most residential and even some business services have blocked port 25 in and outbound forcing relaying off the ISP's server to reduce SPAM.

PPPoX sounds like a smaller type ISP that may wish to introduce this in their network, I would contact them.

Reply to
Chad Mahoney

I just noticed, your header info points your IP to 69.214.4.217. When I telnet into that IP, the connection is accepted but no SMTP banner appears. Is 69.214.4.217 your IP?

Reply to
Chad Mahoney

No. That is a connection from home that I am trying to telnet in. That's where I think the port 25 blocking is. My mail server is connected to a T1 at another carrier. I am trying to telnet from my home to the mail server at work.

We already have our mail hosted somewhere else so customers have been using that. I need to test the mail server before I move the records over because of that.

Thanks.

Reply to
K.J. 44

And sorry, I tried to remove this post when I thought of the port 25 and so now I have two posts talking about the same thing.

My bad.... it's been

Reply to
K.J. 44
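
Added example, not part of the original thread: a small Python probe that makes the port-25 telnet test repeatable and separates the outcomes discussed above (a timeout, a refusal, a connection accepted with no SMTP banner, and a normal 220 greeting). The function names, result labels and the loopback `fake_server` used for the offline demo are assumptions made for this example.

```python
import socket
import threading
import time


def probe_smtp(host, port=25, timeout=5.0):
    """Classify one TCP connection attempt the way the manual telnet test is read."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer to the SYN: dropped by an ACL or blocked before reaching the router.
        return "filtered"
    except ConnectionRefusedError:
        return "refused"  # a RST came back: path works, nothing accepts on the port
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)
        except socket.timeout:
            # Handshake completed but nobody spoke SMTP within the timeout.
            return "connected-no-banner"
        except OSError:
            return "reset"
    if data.startswith(b"220"):
        return "smtp-banner"
    return "closed-early" if not data else "unexpected-data"


def fake_server(banner, hold=1.0):
    """Constructed loopback listener for the demo; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        time.sleep(hold)  # keep the socket open so the client sees silence, not EOF
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", fake_server(b"220 mail.example.test ESMTP\r\n"), 0.5))
    print(probe_smtp("127.0.0.1", fake_server(b""), 0.5))
```

A `filtered` result with no matching hit on the router's ACL counters indicates the SYN never reached the interface where the ACL is applied.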

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.